I am looking for a simple regex or text-matching based method to filter emails on my Postfix server. For the most part, my server does not get any spam, so there is no need for a heavy-duty antispam solution. On the other hand, there is just one very persistent malware spammer who keeps sending one particular type of trojan to my main email account. This has gotten out of hand.

Postfix has content-based filtering capability. In fact, it has multiple ways to attach filters. However, its documentation is rather baroque, and the top Google hits tend to be how to integrate a separate filtering server into the mail process.

The simplest solution that I found involves the use of capabilities called mime_header_checks and body_checks, which are filtering behaviors that can be configured through Postfix's main.cf file.

There are also several ways to configure body_checks. I used pcre-based regex matching. On Ubuntu, this involved apt-get'ing the postfix-pcre package first.

Once the capability is installed, add a line to main.cf like so:

    mime_header_checks=pcre:/etc/postfix/header_checks

where pcre: specifies a regex-based filter and /etc/postfix/header_checks is a file containing regex filtering expressions, one filter per line.
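As an added example (not part of the original post), the sketch below shows what one line of such a header_checks file can look like and dry-runs it against sample MIME headers before the rule goes live. The attachment name, the sample headers and the helper names load_rules and check are constructed for illustration, and Python's re module stands in for PCRE, using the pcre_table(5) defaults of case-insensitive matching with "." also matching newlines.

```python
import re

# Constructed rule file in Postfix pcre table syntax: /pattern/flags ACTION text.
# "invoice_scan.exe" is a made-up stand-in for the one recurring attachment.
HEADER_CHECKS = r"""
# comments and blank lines are ignored
/^Content-(Type|Disposition):.*name\s*=\s*"?invoice_scan\.exe"?/ REJECT known trojan attachment
"""

RULE = re.compile(r"^/(.*)/([A-Za-z]*)\s+(\S+)\s*(.*)$")

def load_rules(text):
    """Parse pcre-table lines into (compiled_regex, action, text) tuples."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = RULE.match(line)
        if not m:
            raise ValueError(f"unparseable rule: {line!r}")
        pattern, flags, action, message = m.groups()
        # pcre_table(5) defaults: case-insensitive, "." matches newline.
        # The "i" and "s" flags toggle those defaults off.
        re_flags = re.IGNORECASE | re.DOTALL
        if "i" in flags:
            re_flags ^= re.IGNORECASE
        if "s" in flags:
            re_flags ^= re.DOTALL
        rules.append((re.compile(pattern, re_flags), action, message))
    return rules

def check(header, rules):
    """Return (action, text) for the first matching rule, or None (header passes)."""
    for regex, action, message in rules:
        if regex.search(header):
            return action, message
    return None

# Constructed MIME headers. The first is folded across two lines with mixed case;
# the last uses a different extension, which this name-specific rule does not cover.
SAMPLES = [
    'Content-Disposition: attachment;\n\tfilename="Invoice_Scan.EXE"',
    'Content-Type: application/pdf; name="report.pdf"',
    'Content-Disposition: attachment; filename="invoice_scan.ex1"',
]

if __name__ == "__main__":
    rules = load_rules(HEADER_CHECKS)
    for header in SAMPLES:
        print(check(header, rules), "<-", repr(header))
```

On the server itself, postmap -q with a sample header as the key and pcre:/etc/postfix/header_checks as the table runs the same lookup against the real file.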

Comments

I find this kind of filter basically useless. All you have to do is rename your file and the attachment will go through. Change .exe to .ex1 and now you can send executable programs. Granted, you probably can't just double-click them on the other side, but still.

—
Nathan
on April 19, 2011, 11:11 PM UTC

@Nathan Sure, but general spam is not the problem I want to solve. If you read the problem statement up there, I described my problem -- blocking one specific set of emails exhibiting a specific set of known properties. I solve information retrieval problems for a living, but pulling out a support vector machine classifier is more than overkill for this issue.